package com.microsoft.workaccount.workplacejoin.core;

import android.accounts.AccountManager;
import android.accounts.AuthenticatorDescription;
import android.annotation.SuppressLint;
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.net.ConnectivityManager;
import android.net.NetworkInfo;
import android.os.Build;
import android.os.Bundle;
import android.util.Base64;
import android.util.Patterns;
import com.microsoft.identity.common.adal.internal.AuthenticationSettings;
import com.microsoft.workaccount.workplacejoin.Logger;
import com.microsoft.workaccount.workplacejoin.WorkplaceJoinException;
import com.microsoft.workaccount.workplacejoin.telemetry.TelemetryLogger;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.StringWriter;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.TimeZone;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public class Util {
    private static final String RFC3339_DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'";
    private static final String TAG = "Util#";

    public static String RFC3339DateToString(Date date) {
        Logger.v("Util#RFC3339DateToString", "RFC3339DateToString is called.");
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat(RFC3339_DATE_FORMAT, Locale.US);
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
        return simpleDateFormat.format(date);
    }

    public static Date RFC3339StringToDate(String str) throws ParseException {
        Logger.v("Util#RFC3339StringToDate", "RFC3339StringToDate is called.");
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat(RFC3339_DATE_FORMAT, Locale.US);
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
        return simpleDateFormat.parse(str);
    }

    public static String convertSoapToString(String str, Bundle bundle) {
        StringBuffer stringBuffer = new StringBuffer();
        Matcher matcher = Pattern.compile("\\{%(.*?)%\\}").matcher(str);
        while (matcher.find()) {
            String string = bundle.getString(matcher.group(1));
            if (string == null) {
                string = "";
            }
            matcher.appendReplacement(stringBuffer, string);
        }
        matcher.appendTail(stringBuffer);
        return stringBuffer.toString();
    }

    public static String convertStreamToString(InputStream inputStream) throws IOException {
        if (inputStream == null) {
            Logger.e("Util#convertStreamToString", "inputStream is NULL", WorkplaceJoinFailure.INTERNAL);
            return "";
        }
        StringWriter stringWriter = new StringWriter();
        char[] cArr = new char[1024];
        try {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream, "UTF-8"), 1024);
            while (true) {
                int read = bufferedReader.read(cArr);
                if (read == -1) {
                    inputStream.close();
                    return stringWriter.toString();
                }
                stringWriter.write(cArr, 0, read);
            }
        } catch (Throwable th) {
            inputStream.close();
            throw th;
        }
    }

    public static IDeviceControlledAPI createDeviceApiForAdmin(Context context, IDeviceControlledAPI iDeviceControlledAPI) {
        if (iDeviceControlledAPI.isActiveAdmin(context)) {
            Logger.v("Util#createDeviceApiForAdmin", "Admin is not set");
            return iDeviceControlledAPI;
        }
        Logger.i("Util#createDeviceApiForAdmin", "creating DeviceControlledAPI as vanilla device since admin is not set");
        return new DeviceControlledAPI();
    }

    public static IDeviceControlledAPI createDeviceControlledAPI(Context context) {
        if (Build.MANUFACTURER.contains("samsung") && SamsungDeviceControlledAPI.checkSupportedSamsungVersion(context)) {
            Logger.i("Util#createDeviceControlledAPI", "creating SamsungDeviceControlledAPI as supported Samsung device found");
            return new SamsungDeviceControlledAPI();
        }
        Logger.i("Util#createDeviceControlledAPI", "creating DeviceControlledAPI as vanilla device found");
        return new DeviceControlledAPI();
    }

    public static String getAndroidOSVersion() {
        Logger.v("Util#getAndroidOSVersion", "getAndroidOSVersion is called.");
        return Build.VERSION.RELEASE;
    }

    private static Map<String, List<String>> getCurrentAuthenticatorPackageNamesAndCertSignatures(Context context) {
        HashMap hashMap = new HashMap();
        for (AuthenticatorDescription authenticatorDescription : AccountManager.get(context).getAuthenticatorTypes()) {
            if (authenticatorDescription.type.equals("com.microsoft.workaccount")) {
                if (!hashMap.containsKey(authenticatorDescription.packageName)) {
                    hashMap.put(authenticatorDescription.packageName, new ArrayList());
                }
                try {
                    for (X509Certificate x509Certificate : readCertDataForBrokerApp(context, authenticatorDescription.packageName)) {
                        MessageDigest messageDigest = MessageDigest.getInstance("SHA");
                        messageDigest.update(x509Certificate.getEncoded());
                        String encodeToString = Base64.encodeToString(messageDigest.digest(), 2);
                        if (hashMap.containsKey(authenticatorDescription.packageName)) {
                            ((List) hashMap.get(authenticatorDescription.packageName)).add(encodeToString);
                        }
                    }
                } catch (PackageManager.NameNotFoundException | WorkplaceJoinException | IOException | GeneralSecurityException e) {
                    Logger.v("Util#getCurrentAuthenticatorPackageNamesAndCertSignatures", "Exception during reading of cert or compute of signature, skipping compute and adding of cert signature for package name.  Exception message: " + e.getMessage());
                }
            }
        }
        return hashMap;
    }

    public static String getDeviceDisplayName() {
        Logger.v("Util#getDeviceDisplayName", "getDeviceDisplayName is called.");
        return Build.MANUFACTURER + Build.MODEL;
    }

    public static String getMessageFromDRSErrorResponse(String str) {
        try {
            return new JSONObject(str).getString("Message");
        } catch (JSONException unused) {
            Logger.v("Util#getReasonFromErrorResponse", "json format Message field is not found from Error", "Response: " + str);
            return "";
        }
    }

    private static X509Certificate getSelfSignedCert(List<X509Certificate> list) throws WorkplaceJoinException {
        int i = 0;
        X509Certificate x509Certificate = null;
        for (X509Certificate x509Certificate2 : list) {
            if (x509Certificate2.getSubjectDN().equals(x509Certificate2.getIssuerDN())) {
                i++;
                x509Certificate = x509Certificate2;
            }
        }
        if (i > 1 || x509Certificate == null) {
            throw new WorkplaceJoinException("Multiple self signed certs found or no self signed cert existed.");
        }
        return x509Certificate;
    }

    public static boolean isNetworkAvailable(Context context) {
        NetworkInfo activeNetworkInfo = ((ConnectivityManager) context.getSystemService("connectivity")).getActiveNetworkInfo();
        boolean z = activeNetworkInfo != null && activeNetworkInfo.isConnected() && activeNetworkInfo.isAvailable();
        if (z) {
            Logger.v("Util#isNetworkAvailable", "Network is available");
        } else {
            Logger.e("Util#isNetworkAvailable", "Network is NOT available", WorkplaceJoinFailure.NETWORK);
        }
        return z;
    }

    public static String obtainDomainFromUPN(String str) {
        String str2;
        if (str != null) {
            int indexOf = str.indexOf(64);
            str2 = indexOf > 0 ? str.substring(indexOf + 1) : str;
        } else {
            str2 = null;
        }
        Logger.v("Util#obtainDomainFromUPN", "Obtain domain from UPN.", "UPN: " + str + ", domain: " + str2);
        return str2;
    }

    public static String parseTenantFromUpn(String str) {
        int indexOf = str.indexOf(64);
        if (indexOf < 0) {
            return null;
        }
        return str.substring(indexOf + 1);
    }

    @SuppressLint({"PackageManagerGetSignatures"})
    private static List<X509Certificate> readCertDataForBrokerApp(Context context, String str) throws PackageManager.NameNotFoundException, WorkplaceJoinException, IOException, GeneralSecurityException {
        PackageInfo packageInfo = context.getPackageManager().getPackageInfo(str, 64);
        if (packageInfo == null) {
            throw new WorkplaceJoinException("No broker package existed.");
        }
        Signature[] signatureArr = packageInfo.signatures;
        if (signatureArr == null || signatureArr.length == 0) {
            throw new WorkplaceJoinException("No signature associated with the broker package.");
        }
        ArrayList arrayList = new ArrayList(packageInfo.signatures.length);
        for (Signature signature : packageInfo.signatures) {
            try {
                arrayList.add((X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(signature.toByteArray())));
            } catch (CertificateException e) {
                throw new WorkplaceJoinException("Failed to get X509 certificate.", WorkplaceJoinFailure.AUTHENTICATORSERVICE, e);
            }
        }
        return arrayList;
    }

    public static void validateAuthenticator(Context context) throws WorkplaceJoinException {
        for (AuthenticatorDescription authenticatorDescription : AccountManager.get(context).getAuthenticatorTypes()) {
            if (authenticatorDescription.type.equals("com.microsoft.workaccount") && verifySignature(context, authenticatorDescription.packageName)) {
                Logger.v("Util#validateAuthenticator", "Authenticator package found.");
                return;
            }
            Logger.v("Util#validateAuthenticator", String.format("signature of Authenticator package is not matching. Package name:%s", authenticatorDescription.packageName));
        }
        WorkplaceJoinException workplaceJoinException = new WorkplaceJoinException(Constants.AUTHENTICATOR_NOT_TRUSTED);
        Logger.e("Util#validateAuthenticator", Constants.AUTHENTICATOR_NOT_TRUSTED, WorkplaceJoinFailure.AUTHENTICATORSERVICE, workplaceJoinException);
        TelemetryLogger.logEvent(context, "validateAuthenticator", Boolean.TRUE, String.format("Authenticator is not trusted, current workaccount Authenticator Package Name(s) and Signature(s): %s", getCurrentAuthenticatorPackageNamesAndCertSignatures(context).toString()));
        throw workplaceJoinException;
    }

    public static boolean validateEmailId(String str) {
        return Patterns.EMAIL_ADDRESS.matcher(str).matches();
    }

    public static boolean validateEmailIdLowerCaseOnly(String str) {
        if (str.length() > 0 && !str.matches(".*[A-Z]+.*")) {
            return true;
        }
        Logger.e("Util#validateEmailIdLowerCaseOnly", "validateEmailIdLowerCaseOnly check failed", WorkplaceJoinFailure.INTERNAL);
        return false;
    }

    private static void verifyCertificateChain(List<X509Certificate> list) throws GeneralSecurityException, WorkplaceJoinException {
        PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) Collections.singleton(new TrustAnchor(getSelfSignedCert(list), null)));
        pKIXParameters.setRevocationEnabled(false);
        CertPathValidator.getInstance("PKIX").validate(CertificateFactory.getInstance("X.509").generateCertPath(list), pKIXParameters);
    }

    private static boolean verifySignature(Context context, String str) {
        try {
            List<X509Certificate> readCertDataForBrokerApp = readCertDataForBrokerApp(context, str);
            verifySignatureHash(readCertDataForBrokerApp);
            if (readCertDataForBrokerApp.size() > 1) {
                verifyCertificateChain(readCertDataForBrokerApp);
            }
            return true;
        } catch (PackageManager.NameNotFoundException unused) {
            Logger.e("Util#verifySignature", "Broker related package does not exist", "", WorkplaceJoinFailure.AUTHENTICATORSERVICE);
            Logger.v("Util#verifySignature", "No valid signature was found for Package '" + str + "'.");
            return false;
        } catch (WorkplaceJoinException e) {
            e = e;
            Logger.e("Util#verifySignature", e.getMessage(), "", WorkplaceJoinFailure.AUTHENTICATORSERVICE, e);
            Logger.v("Util#verifySignature", "No valid signature was found for Package '" + str + "'.");
            return false;
        } catch (IOException e2) {
            e = e2;
            Logger.e("Util#verifySignature", e.getMessage(), "", WorkplaceJoinFailure.AUTHENTICATORSERVICE, e);
            Logger.v("Util#verifySignature", "No valid signature was found for Package '" + str + "'.");
            return false;
        } catch (NoSuchAlgorithmException unused2) {
            Logger.e("Util#verifySignature", "Digest SHA algorithm does not exists", "", WorkplaceJoinFailure.AUTHENTICATORSERVICE);
            Logger.v("Util#verifySignature", "No valid signature was found for Package '" + str + "'.");
            return false;
        } catch (GeneralSecurityException e3) {
            e = e3;
            Logger.e("Util#verifySignature", e.getMessage(), "", WorkplaceJoinFailure.AUTHENTICATORSERVICE, e);
            Logger.v("Util#verifySignature", "No valid signature was found for Package '" + str + "'.");
            return false;
        }
    }

    private static void verifySignatureHash(List<X509Certificate> list) throws NoSuchAlgorithmException, CertificateEncodingException, WorkplaceJoinException {
        for (X509Certificate x509Certificate : list) {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA");
            messageDigest.update(x509Certificate.getEncoded());
            String encodeToString = Base64.encodeToString(messageDigest.digest(), 2);
            if (AuthenticationSettings.INSTANCE.getBrokerSignature().equals(encodeToString) || "ho040S3ffZkmxqtQrSwpTVOn9r0=".equals(encodeToString)) {
                return;
            }
        }
        throw new WorkplaceJoinException("Signature hash of broker package is not valid");
    }
}
